cognito_token_verifier 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/Gemfile.lock +2 -2
- data/cognito_token_verifier.gemspec +1 -0
- data/lib/cognito_token_verifier/config.rb +6 -3
- data/lib/cognito_token_verifier/errors.rb +12 -0
- data/lib/cognito_token_verifier/token.rb +7 -4
- data/lib/cognito_token_verifier/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02ef1ab0355a54f560d05129aa92616d8545ce11e2535787e9444ca8241e4119
|
|
4
|
+
data.tar.gz: 34ce55f919bf09784375ad764031eb4f724258e50dc18fcc777a9428ca601d27
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ea02cd0a5f932fe6e41e4ff23baa33df6219887022a44dd2e0ad4bc4a291b962a0867035e9358f7c9f9556764859ab318a61abf0b5d4147968c2171a0ee1f5e2
|
|
7
|
+
data.tar.gz: be564bb2c4ef81f015b458e44b033f11d807c7b3cb3b9c960f16c4982dd2090b28e865d0d9c2a9a8a7bd9eaafebeb07f26f84c06f415545846f35ba6f465f4e9
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
cognito_token_verifier (0.
|
|
4
|
+
cognito_token_verifier (0.2.0)
|
|
5
5
|
activesupport (>= 4.2, < 6.0)
|
|
6
6
|
json-jwt (~> 1.1)
|
|
7
7
|
rest-client (~> 2.0)
|
|
@@ -107,7 +107,7 @@ PLATFORMS
|
|
|
107
107
|
DEPENDENCIES
|
|
108
108
|
actionpack (>= 4.2, < 6.0)
|
|
109
109
|
bundler (~> 2.0)
|
|
110
|
-
byebug
|
|
110
|
+
byebug (~> 11.0)
|
|
111
111
|
cognito_token_verifier!
|
|
112
112
|
rake (>= 10.0, < 13.0)
|
|
113
113
|
rspec-rails (~> 3.0)
|
|
@@ -12,6 +12,7 @@ Gem::Specification.new do |spec|
|
|
|
12
12
|
spec.summary = %q{Verify and parse AWS Cognito JWTs to authenticate endpoints}
|
|
13
13
|
spec.homepage = "https://github.com/CodingAnarchy/cognito_token_verifier"
|
|
14
14
|
spec.license = "MIT"
|
|
15
|
+
spec.required_ruby_version = ">= 2.3.8"
|
|
15
16
|
|
|
16
17
|
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
|
17
18
|
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
|
@@ -20,9 +20,12 @@ module CognitoTokenVerifier
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def jwks
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
23
|
+
begin
|
|
24
|
+
raise ConfigSetupError.new(self) unless aws_region.present? and user_pool_id.present?
|
|
25
|
+
@jwks ||= JSON.parse(RestClient.get(jwk_url))
|
|
26
|
+
rescue RestClient::Exception, JSON::JSONError => e
|
|
27
|
+
raise JWKFetchError
|
|
28
|
+
end
|
|
26
29
|
end
|
|
27
30
|
|
|
28
31
|
def iss
|
|
@@ -12,11 +12,23 @@ module CognitoTokenVerifier
|
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
+
class JWKFetchError < StandardError
|
|
16
|
+
def message
|
|
17
|
+
"Error fetching JWKs for your Cognito user pool. Please verify your configuration of the CognitoTokenVerifier gem."
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
15
21
|
class TokenMissing < CognitoTokenVerifier::Error
|
|
16
22
|
def message
|
|
17
23
|
"Cognito token not provided. Please retransmit request with Cognito token in authorization header."
|
|
18
24
|
end
|
|
19
25
|
end
|
|
26
|
+
|
|
27
|
+
class TokenDecodingError < CognitoTokenVerifier::Error
|
|
28
|
+
def message
|
|
29
|
+
"Cognito token could not be decoded. Please ensure the request token is from the correct Cognito user pool and try again."
|
|
30
|
+
end
|
|
31
|
+
end
|
|
20
32
|
|
|
21
33
|
class TokenExpired < StandardError
|
|
22
34
|
def message
|
|
@@ -5,10 +5,13 @@ module CognitoTokenVerifier
|
|
|
5
5
|
attr_reader :header, :decoded_token
|
|
6
6
|
|
|
7
7
|
def initialize(jwt)
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
8
|
+
begin
|
|
9
|
+
@header= JSON.parse(Base64.decode64(jwt.split('.')[0]))
|
|
10
|
+
@jwk = JSON::JWK.new(CognitoTokenVerifier.config.jwks["keys"].detect{|jwk| jwk['kid'] == header['kid']})
|
|
11
|
+
@decoded_token = JSON::JWT.decode(jwt, @jwk)
|
|
12
|
+
rescue JSON::JWS::VerificationFailed, JSON::JSONError => e
|
|
13
|
+
raise TokenDecodingError
|
|
14
|
+
end
|
|
12
15
|
end
|
|
13
16
|
|
|
14
17
|
def expired?
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cognito_token_verifier
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matt Tanous
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-02-
|
|
11
|
+
date: 2019-02-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -183,7 +183,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
183
183
|
requirements:
|
|
184
184
|
- - ">="
|
|
185
185
|
- !ruby/object:Gem::Version
|
|
186
|
-
version:
|
|
186
|
+
version: 2.3.8
|
|
187
187
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
188
188
|
requirements:
|
|
189
189
|
- - ">="
|